CVE-2024-10717 – Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license
https://notcve.org/view.php?id=CVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. ... This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. • https://plugins.trac.wordpress.org/browser/styler-for-ninja-forms-lite/tags/3.3.4/admin-menu/licenses.php#L126 https://www.wordfence.com/threat-intel/vulnerabilities/id/a26da53c-4be0-4c9f-9caf-05f054a6d5e7?source=cve • CWE-862: Missing Authorization
CVE-2024-50558
https://notcve.org/view.php?id=CVE-2024-50558
This could allow an attacker to cause a temporary denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-284: Improper Access Control
CVE-2024-46891
https://notcve.org/view.php?id=CVE-2024-46891
The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-125: Out-of-bounds Read • CWE-400: Uncontrolled Resource Consumption
CVE-2024-8882
https://notcve.org/view.php?id=CVE-2024-8882
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-48075
https://notcve.org/view.php?id=CVE-2024-48075
A heap buffer overflow in the server-side handshake implementation in Real Time Logic SharkSSL 09.09.24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message. • https://github.com/RealTimeLogic/SharkSSL/commit/7045f6f254060640ff77eef2027f108fcc20e2f2 https://www.telekom.com/resource/blob/1083076/8bf5c03520005b8e699dfb9bce470fc7/dl-241104-cve-2024-48075-data.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')